Compare commits
	
		
			12 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | b4776b50e2 | ||
|  | 2458b38b75 | ||
|  | 249e28a8b5 | ||
|  | ba9e2d6121 | ||
|  | f042b82a50 | ||
|  | 59071177ad | ||
|  | 6450cd1f20 | ||
|  | 90bc244f3e | ||
|  | 6e52a509db | ||
|  | 5ca666981a | ||
|  | 36f22e5ca6 | ||
|  | a112a5e57c | 
| @@ -15,7 +15,8 @@ ma1sd - Federated Matrix Identity Server | |||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
| * This project is a fork of the https://github.com/kamax-matrix/mxisd which has been archived and no longer supported. * | * This project is a fork (not successor) of the https://github.com/kamax-matrix/mxisd, which has been archived and no longer maintained as a standalone product. | ||||||
|  | Also, ma1sd is supported by the volunteer not developers of the original project. | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
|   | |||||||
| @@ -103,7 +103,7 @@ session: | |||||||
|     validation: |     validation: | ||||||
|       enabled: true |       enabled: true | ||||||
|     unbind: |     unbind: | ||||||
|       notification: |       notifications: true | ||||||
|       enabled: true |       enabled: true | ||||||
|  |  | ||||||
| # DO NOT COPY/PASTE AS-IS IN YOUR CONFIGURATION | # DO NOT COPY/PASTE AS-IS IN YOUR CONFIGURATION | ||||||
| @@ -115,7 +115,7 @@ are allowed to do in terms of 3PID sessions. The policy has a global on/off swit | |||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
| `unbind` controls warning notifications for 3PID removal.   | `unbind` controls warning notifications for 3PID removal. Setting `notifications` for `unbind` to false will prevent unbind emails from sending. | ||||||
|  |  | ||||||
| ### Web views | ### Web views | ||||||
| Once a user click on a validation link, it is taken to the Identity Server validation page where the token is submitted.   | Once a user click on a validation link, it is taken to the Identity Server validation page where the token is submitted.   | ||||||
|   | |||||||
| @@ -140,7 +140,7 @@ public class AuthManager { | |||||||
|                 } |                 } | ||||||
|  |  | ||||||
|                 try { |                 try { | ||||||
|                     MatrixID.asValid(mxId); |                     MatrixID.asAcceptable(mxId); | ||||||
|                 } catch (IllegalArgumentException e) { |                 } catch (IllegalArgumentException e) { | ||||||
|                     log.warn("The returned User ID {} is not a valid Matrix ID. Login might fail at the Homeserver level", mxId); |                     log.warn("The returned User ID {} is not a valid Matrix ID. Login might fail at the Homeserver level", mxId); | ||||||
|                 } |                 } | ||||||
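Review bot: The warning in the catch block no longer matches the check above it: the try now calls `MatrixID.asAcceptable(mxId)`, but the message still says "is not a valid Matrix ID". If `asAcceptable` is the more permissive of the two parsers (its definition is not visible here), IDs that used to trigger the warning now pass silently, and that deserves a comment above the call, e.g. `// Relaxed grammar on purpose: the ID comes from the auth backend and a mismatch is only logged, not rejected`. The enclosing method starts and ends outside this hunk.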
|   | |||||||
| @@ -48,6 +48,8 @@ public class SessionConfig { | |||||||
|  |  | ||||||
|             private boolean enabled = true; |             private boolean enabled = true; | ||||||
|              |              | ||||||
|  |             private boolean notifications = true; | ||||||
|  |  | ||||||
|             public boolean getEnabled() { |             public boolean getEnabled() { | ||||||
|                 return enabled; |                 return enabled; | ||||||
|             } |             } | ||||||
| @@ -55,11 +57,20 @@ public class SessionConfig { | |||||||
|             public void setEnabled(boolean enabled) { |             public void setEnabled(boolean enabled) { | ||||||
|                 this.enabled = enabled; |                 this.enabled = enabled; | ||||||
|             } |             } | ||||||
|  |              | ||||||
|  |             public boolean shouldNotify() { | ||||||
|  |                 return notifications; | ||||||
|  |             } | ||||||
|  |              | ||||||
|  |             public void setNotifications(boolean notifications) { | ||||||
|  |                 this.notifications = notifications; | ||||||
|  |             } | ||||||
|         } |         } | ||||||
|  |  | ||||||
|         public Policy() { |         public Policy() { | ||||||
|             validation.enabled = true; |             validation.enabled = true; | ||||||
|             unbind.enabled = true; |             unbind.enabled = true; | ||||||
|  |             unbind.notifications = true; | ||||||
|         } |         } | ||||||
|  |  | ||||||
|         private PolicyTemplate validation = new PolicyTemplate(); |         private PolicyTemplate validation = new PolicyTemplate(); | ||||||
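Review bot: The new `notifications` field has no comment saying what switching it off removes. According to the documentation change on this page it stops the unbind emails, which are the warning for a 3PID removal. A field comment would make that visible to whoever edits the config class, e.g. `// When false, no warning is sent on 3PID unbind; the address owner is not told the binding was removed`. The accessor is named `shouldNotify()` next to `getEnabled()`, so anything that reads the class bean-style will not find a readable `notifications` property; `getNotifications()` would match the sibling. `unbind.notifications = true;` in `Policy()` only repeats the field initializer.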
|   | |||||||
| @@ -57,6 +57,7 @@ import org.slf4j.Logger; | |||||||
| import org.slf4j.LoggerFactory; | import org.slf4j.LoggerFactory; | ||||||
|  |  | ||||||
| import java.io.IOException; | import java.io.IOException; | ||||||
|  | import java.net.URI; | ||||||
| import java.nio.charset.StandardCharsets; | import java.nio.charset.StandardCharsets; | ||||||
| import java.util.Base64; | import java.util.Base64; | ||||||
| import java.util.Calendar; | import java.util.Calendar; | ||||||
| @@ -218,8 +219,15 @@ public class SessionManager { | |||||||
|             throw new BadRequestException("Missing required 3PID"); |             throw new BadRequestException("Missing required 3PID"); | ||||||
|         } |         } | ||||||
|  |  | ||||||
|  |         // We only allow unbind for the domain we manage, mirroring bind | ||||||
|  |         final CharSequence domain = cfg.getMatrix().getDomain(); | ||||||
|  |         if (!StringUtils.equalsIgnoreCase(domain, mxid.getDomain())) { | ||||||
|  |             throw new NotAllowedException("Only Matrix IDs from domain " + domain + " can be unbound"); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         log.info("Request was authorized."); | ||||||
|         if (StringUtils.isNotBlank(sid) && StringUtils.isNotBlank(secret)) { |         if (StringUtils.isNotBlank(sid) && StringUtils.isNotBlank(secret)) { | ||||||
|             checkSession(sid, secret, tpid, mxid); |             checkSession(sid, secret, tpid); | ||||||
|         } else if (StringUtils.isNotBlank(auth)) { |         } else if (StringUtils.isNotBlank(auth)) { | ||||||
|             checkAuthorization(auth, reqData); |             checkAuthorization(auth, reqData); | ||||||
|         } else { |         } else { | ||||||
| @@ -227,8 +235,10 @@ public class SessionManager { | |||||||
|         } |         } | ||||||
|  |  | ||||||
|         log.info("Unbinding of {} {} to {} is accepted", tpid.getMedium(), tpid.getAddress(), mxid.getId()); |         log.info("Unbinding of {} {} to {} is accepted", tpid.getMedium(), tpid.getAddress(), mxid.getId()); | ||||||
|  |         if (cfg.getSession().getPolicy().getUnbind().shouldNotify()) { | ||||||
|             notifMgr.sendForUnbind(tpid); |             notifMgr.sendForUnbind(tpid); | ||||||
|         } |         } | ||||||
|  |     } | ||||||
|  |  | ||||||
|     private void checkAuthorization(String auth, JsonObject reqData) { |     private void checkAuthorization(String auth, JsonObject reqData) { | ||||||
|         if (!auth.startsWith("X-Matrix ")) { |         if (!auth.startsWith("X-Matrix ")) { | ||||||
| @@ -269,11 +279,15 @@ public class SessionManager { | |||||||
|             throw new BadRequestException("Missing required header parameters"); |             throw new BadRequestException("Missing required header parameters"); | ||||||
|         } |         } | ||||||
|  |  | ||||||
|  |         if (!cfg.getMatrix().getDomain().equalsIgnoreCase(origin)) { | ||||||
|  |             throw new NotAllowedException("Only Matrix IDs from domain " + origin + " can be unbound"); | ||||||
|  |         } | ||||||
|  |  | ||||||
|         JsonObject jsonObject = new JsonObject(); |         JsonObject jsonObject = new JsonObject(); | ||||||
|         jsonObject.addProperty("method", "POST"); |         jsonObject.addProperty("method", "POST"); | ||||||
|         jsonObject.addProperty("uri", "/_matrix/identity/api/v1/3pid/unbind"); |         jsonObject.addProperty("uri", "/_matrix/identity/api/v1/3pid/unbind"); | ||||||
|         jsonObject.addProperty("origin", origin); |         jsonObject.addProperty("origin", origin); | ||||||
|         jsonObject.addProperty("destination_is", cfg.getServer().getPublicUrl()); |         jsonObject.addProperty("destination_is", URI.create(cfg.getServer().getPublicUrl()).getHost()); | ||||||
|         jsonObject.add("content", reqData); |         jsonObject.add("content", reqData); | ||||||
|  |  | ||||||
|         String canonical = MatrixJson.encodeCanonical(jsonObject); |         String canonical = MatrixJson.encodeCanonical(jsonObject); | ||||||
| @@ -340,7 +354,7 @@ public class SessionManager { | |||||||
|         log.info("Request was authorized."); |         log.info("Request was authorized."); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     private void checkSession(String sid, String secret, ThreePid tpid, _MatrixID mxid) { |     private void checkSession(String sid, String secret, ThreePid tpid) { | ||||||
|         // We ensure the session was validated |         // We ensure the session was validated | ||||||
|         ThreePidSession session = getSessionIfValidated(sid, secret); |         ThreePidSession session = getSessionIfValidated(sid, secret); | ||||||
|  |  | ||||||
| @@ -348,13 +362,5 @@ public class SessionManager { | |||||||
|         if (!session.getThreePid().equals(tpid)) { |         if (!session.getThreePid().equals(tpid)) { | ||||||
|             throw new BadRequestException("3PID to unbind does not match the one from the validated session"); |             throw new BadRequestException("3PID to unbind does not match the one from the validated session"); | ||||||
|         } |         } | ||||||
|  |  | ||||||
|         // We only allow unbind for the domain we manage, mirroring bind |  | ||||||
|         final CharSequence domain = cfg.getMatrix().getDomain(); |  | ||||||
|         if (!StringUtils.equalsIgnoreCase(domain, mxid.getDomain())) { |  | ||||||
|             throw new NotAllowedException("Only Matrix IDs from domain " + domain + " can be unbound"); |  | ||||||
|         } |  | ||||||
|  |  | ||||||
|         log.info("Request was authorized."); |  | ||||||
|     } |     } | ||||||
| } | } | ||||||
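Review bot: `log.info("Request was authorized.");` now runs right after the domain check and before `checkSession`/`checkAuthorization` are called, so the log reports an authorization that has not happened yet, also for requests that are rejected a few lines later. Move it below the if/else chain, or back into `checkSession`, which lost its own copy in the last hunk. In the `checkAuthorization` hunk the rejection message is built from the request's `origin` instead of the configured domain, so it names the refused server as the allowed one and echoes a header value; `"Only Matrix IDs from domain " + cfg.getMatrix().getDomain() + " can be unbound"` would match the first hunk. `URI.create(cfg.getServer().getPublicUrl()).getHost()` returns null when the configured URL has no scheme, which would put a null into the signed `destination_is`; validating the public URL at configuration load would catch that early. The methods touched here start and end outside the hunks shown.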
|   | |||||||